我正在使用 Azure REST API 并提供 ARM 模板来部署资源组。在虚拟机资源中,我有一个 DSC 类型的扩展。代码片段如下:
{
"resources": [
{
"name": "[concat(variables('VMName'),'/SetupScript')]",
"type": "Microsoft.Compute/virtualMachines/extensions",
"location": "[parameters('DNSLocation')]",
"apiVersion": "2015-05-01-preview",
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', variables('VMName'))]"
],
"tags": {
"displayName": "SetupScript"
},
"properties": {
"publisher": "Microsoft.Powershell",
"type": "DSC",
"typeHandlerVersion": "1.7",
"settings": {
"modulesUrl": "[variables('SetupScriptConfigurationFile')]",
"sasToken": "",
"configurationFunction": "[variables('SetupScriptConfigurationFunction')]",
"properties": {
"DomainName": "[parameters('DomainName')]",
"DomainAdminUsername": "[parameters('VMAdminUsername')]",
"DomainAdminPassword": "[parameters('VMAdminPassword')]"
}
},
"protectedSettings": {
}
}
}
]
}
正在调用的 DSC 配置如下所示:
Configuration DNSConfig
{
param
(
[string]$NodeName ='localhost',
[Parameter(Mandatory=$true)][string]$DomainName,
[Parameter(Mandatory=$true)][string]$DomainAdminUsername,
[Parameter(Mandatory=$true)][string]$DomainAdminPassword
)
#Import the required DSC Resources
Import-DscResource -Module xComputerManagement
Import-DscResource -Module xActiveDirectory
$securePassword = ConvertTo-SecureString -AsPlainText $DomainAdminPassword -Force;
$DomainAdminCred = New-Object System.Management.Automation.PSCredential($DomainAdminUsername, $securePassword);
Node $NodeName
{ #ConfigurationBlock
WindowsFeature DSCService {
Name = "DSC-Service"
Ensure = "Present"
IncludeAllSubFeature = $true
}
WindowsFeature ADDSInstall
{
Ensure = 'Present'
Name = 'AD-Domain-Services'
IncludeAllSubFeature = $true
}
WindowsFeature RSATTools
{
DependsOn= '[WindowsFeature]ADDSInstall'
Ensure = 'Present'
Name = 'RSAT-AD-Tools'
IncludeAllSubFeature = $true
}
xADDomain SetupDomain {
DomainName= $DomainName
DomainAdministratorCredential= $DomainAdminCred
SafemodeAdministratorPassword= $DomainAdminCred
DependsOn='[WindowsFeature]RSATTools'
}
#End Configuration Block
}
}
当我在本地运行 DSC 脚本时,为了成功生成该 DSC 脚本的 MOF 文件,我需要传入 ConfigurationData 的哈希表,如下所示:
$ConfigData = @{
AllNodes = @(
@{
NodeName = '*'
PSDscAllowPlainTextPassword = $true
}
)
}
DNSConfig -ConfigurationData $ConfigData -DomainName "mydomain.com" ...
我现在的问题是,我想通过我首先展示的 ARM 模板传递这种类型的 ConfigurationData 。有可能吗?如果没有,那么我应该如何设置VM扩展执行的DSC脚本的ConfigurationData?
谢谢!
最佳答案
要将配置数据传递到 DSC 扩展,您需要将其保存到 *.psd1 文件,例如:
C:\ PS> Get-Content C:\ConfigurationData.ps1
@{
AllNodes = @(
@{
NodeName = '*'
PSDscAllowPlainTextPassword = $true
}
)
}
然后将此文件上传到可从您的虚拟机访问的位置,并在模板的 protected 设置中传递 URI:
"protectedSettings": {
"DataBlobUri": "https://.../ConfigurationData.psd1"
}
与您原来的问题无关的两个建议:
DSC 扩展 1.7 版可能会在某些 ARM 部署期间产生间歇性错误。我建议看一下 Version 2.0
您可能想要加密密码而不是使用 PSDscAllowPlainTextPassword。 DSC 扩展使用 Azure 已部署到 VM 的加密证书,因此设置加密非常简单。更多信息here
关于powershell - Azure ARM 模板部署中的 DSC ConfigurationData 参数,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/31213426/